Computer System and Network Security

Cybersecurity

We will bankrupt ourselves in the vain search
for absolute security.— Dwight D. Eisenhower

If you want total security, go to prison.
There you're fed, clothed, given medical
care and so on.
The only thing lacking... is freedom.— Dwight D. Eisenhower

The world is never going to be perfect, either on-
or offline; so let's not set impossibly
high standards for online.— Esther Dyson

He that breaks a thing to find out what it is has left the path of wisdom.— Gandalf in The Fellowship of the Ring

Few persons can be made to believe that
it is not quite an easy thing to invent a
method of secret writing which shall baffle
investigation.
Yet it may be roundly asserted that human
ingenuity cannot concoct a cipher which
human ingenuity cannot resolve.— Edgar Allan Poe, in "A Few Words On
Secret Writing", Graham's Magazine,
July 1841

From a practical standpoint the security problem will
remain as long as manufacturers remain
committed to current system architectures,
produced without a firm requirement for
security.
As long as there is support for ad hoc fixes
and security packages for these inadequate
designs and as long as the illusory results
of penetration teams are accepted as
demonstrations of a computer system security,
proper security will not be a reality.— Roger Schell in the USAF report
Preliminary Notes on the Design of Secure Military
Computer Systems, written in 1973

He who fights monsters should see to it that
he himself does not become a monster.
And if you gaze for long into an abyss, the
abyss gazes also into you.— Friedrich Nietzsche in Beyond Good and Evil

This page remains under construction,
just as your information security policy should.

These pages are intended to provide some background for
the courses I teach, listing the references and URLs
for various tools, studies, and other issues that come
up in courses.
Plus, of course, once I have these pages I no longer have
to try to remember specific reference details!

Also check out
Purdue's
CERIAS
information assurance research and development group
and their resources at
cerias.purdue.edu.

Remember that installing some tools,
and even taking security quite seriously on an on-going basis,
does not make you secure!
There is no such thing
as a completely secure system.
Hence some lawyer repellent, er, I mean, disclaimer:

The following are no more than suggestions.
There is no guarantee that they will
make your system secure.
Mention here of a commercial product is by no means an
endorsement — I'm just trying to direct you to
several available tools, and I may have only one
such example handy right now.

Use this information as a tool,
in addition to what you have already learned.

Fundamentals — Cryptography and Networking

World War Two cryptographic hardwareLeft: German Enigma encryption machine Right: U.S. SIGABA encryption machine
National Museum of the U.S. Air Force, WPAFB